Jump to content
CCleaner Community Forums

eTrust false positive?


jonz

Recommended Posts

I am running CCleaner v.2.01.507 in a Terminal Server enviroment. It runs evertime a user logs into the TS.

 

My eTrust ITM downloaded signatures at 7:45am... At 7:51am, when the next user logged in, the realtime scanner popped the following warnings:

 

The Win32/FakeAv.CX was detected in C:\PROGRAM FILES\CCleaner\UNINST.EXE. Machine: xxxxx, User: xxxxxx . Status: Infected

and

The Win32/FakeAv.CX was detected in C:\PROGRAM FILES\CCleaner\UNINST.EXE. Machine: xxxxx, User: xxxxxx. Status: File was cured; system cure performed.

 

Do you all think this is a false positive situation? During my googleing of this, i found some mention of false positives on the file a year or so ago.

Link to post
Share on other sites

Another update!

 

It thinks that the install file for the newest version is a virus also :huh:

 

Here is the message:

[time 8/20/2008 9:12:11 AM: ID 14: machine xxxxx: response 8/20/2008 9:12:57 AM] The Win32/FakeAv.CX was detected in C:\...\CCSETUP210[1].EXE. Machine: xxxxx, User: xxxxx. Status: File is cured and the machine needs to reboot to complete cure.

 

I have used CCleaner for a long time, and know for a fact that is far from a virus or trojan. I can only assume that CA has failed me again with a false positive!

Link to post
Share on other sites

I'm getting the same message from eTrust today.

 

It thinks the uninstall program is FakeAV.CX.

 

I also think it's a false positive, but it would be nice if someone could confirm that. I'm going to check the forums at CA.

Link to post
Share on other sites
OK. I've added a topic on CA forum. Track it here:

http://caforums.ca.com/ca/board/message?bo...p;message.id=19

 

Great, thanks.

 

Also, on a related note, while I was poking around the Piriform site I noticed that they now have a defragmenting program. I thought I would try it, but when I downloaded the installer, I got the same FakeAV message! So it's not just CCleaner.

Link to post
Share on other sites
Great, thanks.

 

Also, on a related note, while I was poking around the Piriform site I noticed that they now have a defragmenting program. I thought I would try it, but when I downloaded the installer, I got the same FakeAV message! So it's not just CCleaner.

 

right! Same thing with daemon4300-LITE.exe (Daemon-Tools). I've updated the thread at CA forum.

Link to post
Share on other sites
  • Moderators

Probably just another false positive!

 

Files can be verified using two free online single file virus scanning services that use multiple virus scanners, there's nothing to install as you only upload the files to them:

* http://virusscan.jotti.org/

* http://www.virustotal.com/

 

This post has been reported to the owner of Piriform, so that something can be done.

Link to post
Share on other sites
Another update!

 

It thinks that the install file for the newest version is a virus also :huh:

 

Here is the message:

[time 8/20/2008 9:12:11 AM: ID 14: machine xxxxx: response 8/20/2008 9:12:57 AM] The Win32/FakeAv.CX was detected in C:\...\CCSETUP210[1].EXE. Machine: xxxxx, User: xxxxx. Status: File is cured and the machine needs to reboot to complete cure.

 

I have used CCleaner for a long time, and know for a fact that is far from a virus or trojan. I can only assume that CA has failed me again with a false positive!

 

I got the same thing too, it deleted the install and uninstall files on my system tonight.

 

Roland, NK2U

Link to post
Share on other sites
I'm getting the same message from eTrust today.

 

It thinks the uninstall program is FakeAV.CX.

 

I also think it's a false positive

 

 

I'm glad that I'm not the only one! I had to lower my firewall briefly and thought I picked up a virus! LOL

 

Given the fact that so many are having the same problem with the same file after a recent anti virus update, it's obvious that it's a false positive due to the updated signature from CA Antivirus. It isn't the first time they've messed up. At least this time they aren't flagging valid Window System files like they did a month ago! :blink:

Link to post
Share on other sites
I'm glad that I'm not the only one! I had to lower my firewall briefly and thought I picked up a virus! LOL

 

Given the fact that so many are having the same problem with the same file after a recent anti virus update, it's obvious that it's a false positive due to the updated signature from CA Antivirus. It isn't the first time they've messed up. At least this time they aren't flagging valid Window System files like they did a month ago! :blink:

I never did like anything from CA.
Link to post
Share on other sites
I never did like anything from CA.

 

I'm new to this Forum and registered because of the Trojan detection by my CA security suite. I rarely download software, and hardly ever 'free' software, but I did download CCleaner because of Kim Komando endorsements and other reviews I have read. I was very distressed by the Trojan detection notice/cleanup. While I am now somewhat relieved to learn this was a false positive situation, I'm even more relieved that my CA security software errs on the side of caution.

 

Everyone has their own likes and dislikes; I'd rather have a security product that makes a mistake to protect me, rather than one which fails to do so.

 

Savor life, and smile...

Link to post
Share on other sites
  • Moderators
I'd rather have a security product that makes a mistake to protect me, rather than one which fails to do so.

Welcome to the forums!

 

I personally would rather never have a false positive from anti-malware software. If they're falsely detecting program files those are surely easy to reinstall, however; if and when they start falsely targeting Windows OS files themselves that's where a serious problem could arise.

 

Back when I used eTrust Antivirus (and I used it for years) I did like it allot until they started bloating it with the control center, bugs, etc., then the appeal was completely lost.

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...